Dailydave mailing list archives

RE: Hurricane Fatigue


From: "Aleksander P. Czarnowski" <alekc () avet com pl>
Date: Mon, 24 Oct 2005 23:53:25 +0200

No one cares about hurricanes in Miami - most people didn't bother to 
evacuate. They slept through it, from what we can tell. Immunity's 
administrative team (I.E. myself and Justine) evacuated yesterday 
morning. I think you could make a lot of money in Florida selling 
"hurricane business centers" that allowed you to bring your pets. 
Basically high end hotels that are underground and have generators would 
do well, I think.

Good to know you all are fine :)
 
Also, happy birthday to Joanna of invisiblethings.org. Go buy a custom 
rootkit detector today!

http://isc.sans.org/diary.php?storyid=787 <-- hahaha :>
Also, everyone started thinking there was going to be a MS05-047 worm, 
but there's not going to be, cause it's just not that easy. Then they 
realized it was the older UMPNP bug, so whatever. You can always tell 
the difference between IDS people who haven't written (or tried to 
write) the exploit, and people who have. The Snort BackOrifice bug is a 
lot easier than people are making it sound. "Thousands of versions..." I 
dunno where they get this. :> I haven't tested our sploit against the 
Sourcefire appliance, but I'm pretty sure one of our two versions would 
work out of the box. Does anyone actually run Win32 Snort? I could whip 
it up on the plane back to Miami, I guess, if anyone has it installed. 
The benefit of open source IDS's is that you can install them on a 
grseced box though...so it's possible there won't be a worm because 
everyone has that high level of protection only Linux can offer, right? :>

Actually some people do run Snort on Win32 systems - I can back up my guess with the following (a bit old but still useful) 
article on the SecurityFocus site ;)

Running Snort on IIS Web Servers: Part I 
http://www.securityfocus.com/infocus/1315

Cheers,
Aleksander Czarnowski
AVET INS

